[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IKE V2 Open Issues



"Theodore Ts'o" <tytso@xxxxxxx> writes:

> 5) Lack of definition of the COOKIE_REQUIRED notify payload.
> Charlie's suggestion to delete the COOKIE_REQUIRED payload and simply
> to use the COOKIE payload is simple, and non-controversial.

Actually, I (and at least two others who have voiced opinions on the
topic) prefer Radia's suggestion of putting the cookie into the
COOKIE_REQUIRED notify payload and sending that.  So Bob would send a
N(COOKIE_REQUIRED{cookie}) message to Alice, and Alice would add
N(COOKIE{cookie}) to message-3.  I think this is clearer than
Charlie's suggestion of just using N(COOKIE{cookie}) in both
directions.

Radia?  Charlie?  Others?

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@xxxxxxxxx             www.ihtfp.com